EU reveals plans to protect whistleblowers from punishment in new legislation

Digital Markets Act aims to strengthen internal markets, prevent misuse of personal data, and impose massive fines on companies

The EU adopted a proposal on the Digital Markets Act (DMA) on Tuesday, part of which will protect whistleblowers from retaliation for alerting authorities to violations of new laws imposed on Big Tech companies.

The latest proposal on the DMA was accepted by an overwhelming majority of the Internal Market and Consumer Protection Committee and will introduce new rules for the biggest tech businesses, setting out what they will and will not be allowed to do in the EU.

Part of the latest DMA proposal stipulates that Internal Market MEPs should ensure adequate protections are afforded to whistleblowers at companies who fall under the DMA's remit and violate its rules.

Companies that will be bound by the DMA, should it be passed into law after consideration by the European Parliament, are known as 'gatekeepers'. A business qualifies as a gatekeeper if it operates in the European Economic Area (EEA), generates €8 billion (£6.7 billion) in annual turnover, and has a market capitalisation of at least €80 billion (£67 billion).

Gatekeepers will also have to operate a core platform in at least three EU countries and have at least 45 million end users, as well as more than 10,000 business users.

As part of the EU's so-called 'dos and don'ts', gatekeepers must "refrain from imposing unfair conditions on businesses and consumers". Lawmakers specifically identified data-driven profiling and targeted advertising as an area requiring change.

Related Resource

Content syndication isn't dead, but your data processes might be

It's a new (lead) generation

Drawn image in white of a figure with a graph arrow on the up and a dollar sign over a photo of metal cogsFree Download

In line with GDPR, gatekeepers will be punished for collecting personal data for their own commercial purposes or to deliver targeted advertisements to consumers unless users give "clear, explicit, and renewed informed consent".

Crucially, collecting and using the personal data of minors to drive direct marketing or targeted advertising strategies will be entirely forbidden, regardless of whether they have given consent.

Punishments for violating the rules as set out in the DMA, should they be adopted into law, will be in the form of fines of no less than 4% and no greater than 20% of the gatekeeper's global turnover.

“The EU stands for competition on the merits, but we do not want bigger companies getting bigger and bigger without getting any better and at the expense of consumers and the European economy," said Andreas Schwab, Rapporteur and German MEP for the European People's Party on Tuesday.

"Today, it is clear that competition rules alone cannot address all the problems we are facing with tech giants and their ability to set the rules by engaging in unfair business practices," he added. "The Digital Markets Act will rule out these practices, sending a strong signal to all consumers and businesses in the Single Market: rules are set by the co-legislators, not private companies!"

"With the Digital Markets Act, the EU is putting an end to the absolute market dominance of big online platforms in the EU," said Anna Cavazzini, Internal Market and Consumer Protection Committee chair and German MEP for Greens/EFA.

The DMA will also give new powers to the EU enabling it to effectively halt so-called 'killer acquisitions' initiated by gatekeepers. The European Commission will be able to restrict gatekeepers from making acquisitions that could damage the internal market and impose “structural or behavioural remedies” where gatekeepers have exhibited systematic non-compliance.

If the timescale across which GDPR was implemented in EU member states is anything to go by, the DMA will likely take a few years to be enacted into law, according to Usman Wahid, data, digital, and technology team lead at KPMG, and will require great effort on behalf gatekeepers to introduce.

"Complying with the proposed regulation will be a significant exercise for online platforms," he said. "The proposals will affect the business models, operating models, organisation and governance of most of the online platforms which are subject to the regulations.

"We believe online platforms should start their assessment by considering the structure of the proposed regulation and whether a precedent already exists within existing EU law.

Wahid added that the DMA has a similar legislative structure to existing competition laws and is "a good starting point with lessons learned applied to enhance the chances of success".

Featured Resources

Seven steps to connect and empower your frontline workers

How business leaders can improve communication with a secure platform

Free download

Create what’s next

The future of collaboration and productivity

Free Download

Leveraging the cloud without relinquishing control

Your data. Their cloud.

Free download

Re-architecting for nonstop innovation

Unlocking productivity, scalability, and lower costs for cloud natives

Free Download


GDPR 2.0: What do Europe’s new AI rules mean for businesses?
IT regulation

GDPR 2.0: What do Europe’s new AI rules mean for businesses?

28 Jun 2021
The IT Pro Podcast: Navigating Brexit data transfers
data protection

The IT Pro Podcast: Navigating Brexit data transfers

5 Feb 2021

Most Popular

How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

12 Nov 2021